Yes, you can create your own "session" management approach, keeping in mind the following:

1. Unique ID - you must create a unique ID which gets carried through all client interactions. While the obvious approach is to use Cookies to carry the unique Id, if the client has cookies turned off you can use hidden values in forms.

2. Serializability - your class implementing your sessions should be serializable for ease of storage on disk or database.

3. Life cycle management - you will need a way to clean up after a session life is ended.